From 881d8cb21c0b9168787b932f41b801593bde2216 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 2 Nov 2020 20:10:25 +0100 Subject: tcp: add raw tcp option match support tcp option @42,16,4 (@kind,offset,length). Signed-off-by: Florian Westphal --- src/exthdr.c | 13 +++++++++---- src/parser_bison.y | 5 +++++ src/tcpopt.c | 2 ++ 3 files changed, 16 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/exthdr.c b/src/exthdr.c index 8995ad17..5eb66529 100644 --- a/src/exthdr.c +++ b/src/exthdr.c @@ -52,10 +52,15 @@ static void exthdr_expr_print(const struct expr *expr, struct output_ctx *octx) */ unsigned int offset = expr->exthdr.offset / 64; - if (expr->exthdr.desc == NULL && - expr->exthdr.offset == 0 && - expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) { - nft_print(octx, "tcp option %d", expr->exthdr.raw_type); + if (expr->exthdr.desc == NULL) { + if (expr->exthdr.offset == 0 && + expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) { + nft_print(octx, "tcp option %d", expr->exthdr.raw_type); + return; + } + + nft_print(octx, "tcp option @%u,%u,%u", expr->exthdr.raw_type, + expr->exthdr.offset, expr->len); return; } diff --git a/src/parser_bison.y b/src/parser_bison.y index 9a2b1b6f..a8884466 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5198,6 +5198,11 @@ tcp_hdr_expr : TCP tcp_hdr_field $$ = tcpopt_expr_alloc(&@$, $3, TCPOPT_COMMON_KIND); $$->exthdr.flags = NFT_EXTHDR_F_PRESENT; } + | TCP OPTION AT tcp_hdr_option_type COMMA NUM COMMA NUM + { + $$ = tcpopt_expr_alloc(&@$, $4, 0); + tcpopt_init_raw($$, $4, $6, $8, 0); + } ; tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; } diff --git a/src/tcpopt.c b/src/tcpopt.c index 1cf97a56..05b5ee6e 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -197,6 +197,8 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int off, if (flags & NFT_EXTHDR_F_PRESENT) datatype_set(expr, &boolean_type); + else + datatype_set(expr, &integer_type); if (type >= array_size(tcpopt_protocols)) return; -- cgit v1.2.3